CVE-2017-9287

Published: 29 May 2017

servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.
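For detection on unpatched servers, the following added example (not part of the original advisory or of OpenLDAP) decodes the value of a Paged Results control and flags a page size of 0. It assumes the (OID, control value) pairs have already been extracted from decoded LDAP search requests by other tooling; the function names and sample bytes are constructed for this example.

```python
PAGED_RESULTS_OID = "1.2.840.113556.1.4.319"  # Paged Results control, RFC 2696

def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER TLV starting at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long-form length, up to 4 octets
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def parse_paged_results_value(value):
    """Decode SEQUENCE { size INTEGER, cookie OCTET STRING } -> (size, cookie)."""
    t1, body, _ = _read_tlv(value, 0)
    t2, size_bytes, pos = _read_tlv(body, 0)
    t3, cookie, _ = _read_tlv(body, pos)
    if (t1, t2, t3) != (0x30, 0x02, 0x04) or not size_bytes:
        raise ValueError("not SEQUENCE { INTEGER, OCTET STRING }")
    return int.from_bytes(size_bytes, "big", signed=True), cookie

def flag_controls(controls):
    """controls: iterable of (oid, value_bytes); returns a list of findings."""
    findings = []
    for oid, value in controls:
        if oid != PAGED_RESULTS_OID:
            continue                      # other controls are out of scope here
        try:
            size, cookie = parse_paged_results_value(value)
        except ValueError as exc:
            findings.append(("malformed", str(exc)))
            continue
        if size == 0:
            findings.append(("page-size-0", "with cookie" if cookie else "empty cookie"))
    return findings

SAMPLES = [  # constructed (OID, controlValue) pairs, not captured traffic
    (PAGED_RESULTS_OID, bytes.fromhex("30050201640400")),  # size 100
    (PAGED_RESULTS_OID, bytes.fromhex("30050201000400")),  # size 0, empty cookie
    (PAGED_RESULTS_OID, bytes.fromhex("3005020100")),      # truncated value
]
if __name__ == "__main__": print(flag_controls(SAMPLES))
```

RFC 2696 also uses a size of 0 together with the last returned cookie to abandon a paged search, so a hit is a triage signal to correlate with slapd crashes rather than proof of abuse.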

Priority

Medium

CVSS 3 base score: 6.5

Status

Package   Release                          Status
openldap  Upstream                         Released (2.4.44+dfsg-5)
openldap  Ubuntu 16.04 ESM (Xenial Xerus)  Released (2.4.42+dfsg-2ubuntu3.2)
openldap  Ubuntu 14.04 ESM (Trusty Tahr)   Released (2.4.31-1+nmu2ubuntu8.4)

Patches:
Upstream: https://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=0cee1ffb6021b1aae3fcc9581699da1c85a6dd6e